[MAVEN:GHSA-8XFC-GM6G-VGPV] Bouncy Castle certificate parsing issues cause high CPU usage during parameter evaluation.

Severity Moderate
Affected Packages 13
Fixed Packages 12
CVEs 1

An issue was discovered in ECCurve.java and ECCurve.cs in Bouncy Castle Java (BC Java) before 1.78, BC Java LTS before 2.73.6, BC-FJA before 1.0.2.5, and BC C# .Net before 2.3.1. Importing an EC certificate with crafted F2m parameters can lead to excessive CPU consumption during the evaluation of the curve parameters.

ID
MAVEN:GHSA-8XFC-GM6G-VGPV
Severity
moderate
URL
https://github.com/advisories/GHSA-8xfc-gm6g-vgpv
Published
2024-05-14T15:32:54
(8 days ago)
Modified
2024-05-14T20:22:02
(8 days ago)
Rights
Maven Security Team
Type Package URL Namespace Name / Product Version Distribution / Platform Arch Patch / Fix
Affected pkg:maven/org.bouncycastle/bctls-jdk18on org.bouncycastle bctls-jdk18on < 1.78
Fixed pkg:maven/org.bouncycastle/bctls-jdk18on org.bouncycastle bctls-jdk18on = 1.78
Affected pkg:maven/org.bouncycastle/bctls-jdk15to18 org.bouncycastle bctls-jdk15to18 < 1.78
Fixed pkg:maven/org.bouncycastle/bctls-jdk15to18 org.bouncycastle bctls-jdk15to18 = 1.78
Affected pkg:maven/org.bouncycastle/bctls-jdk14 org.bouncycastle bctls-jdk14 < 1.78
Fixed pkg:maven/org.bouncycastle/bctls-jdk14 org.bouncycastle bctls-jdk14 = 1.78
Affected pkg:maven/org.bouncycastle/bcprov-jdk18on org.bouncycastle bcprov-jdk18on < 1.78
Fixed pkg:maven/org.bouncycastle/bcprov-jdk18on org.bouncycastle bcprov-jdk18on = 1.78
Affected pkg:maven/org.bouncycastle/bcprov-jdk15to18 org.bouncycastle bcprov-jdk15to18 < 1.78
Fixed pkg:maven/org.bouncycastle/bcprov-jdk15to18 org.bouncycastle bcprov-jdk15to18 = 1.78
Affected pkg:maven/org.bouncycastle/bcprov-jdk15on org.bouncycastle bcprov-jdk15on < 1.78
Fixed pkg:maven/org.bouncycastle/bcprov-jdk15on org.bouncycastle bcprov-jdk15on = 1.78
Affected pkg:maven/org.bouncycastle/bcprov-jdk14 org.bouncycastle bcprov-jdk14 < 1.78
Fixed pkg:maven/org.bouncycastle/bcprov-jdk14 org.bouncycastle bcprov-jdk14 = 1.78
Affected pkg:maven/org.bouncycastle/bcpkix-jdk18on org.bouncycastle bcpkix-jdk18on < 1.78
Fixed pkg:maven/org.bouncycastle/bcpkix-jdk18on org.bouncycastle bcpkix-jdk18on = 1.78
Affected pkg:maven/org.bouncycastle/bcpkix-jdk15to18 org.bouncycastle bcpkix-jdk15to18 < 1.78
Fixed pkg:maven/org.bouncycastle/bcpkix-jdk15to18 org.bouncycastle bcpkix-jdk15to18 = 1.78
Affected pkg:maven/org.bouncycastle/bcpkix-jdk14 org.bouncycastle bcpkix-jdk14 < 1.78
Fixed pkg:maven/org.bouncycastle/bcpkix-jdk14 org.bouncycastle bcpkix-jdk14 = 1.78
Affected pkg:maven/org.bouncycastle/bc-fips org.bouncycastle bc-fips < 1.0.2.5
Fixed pkg:maven/org.bouncycastle/bc-fips org.bouncycastle bc-fips = 1.0.2.5
Affected pkg:maven/BouncyCastle.Cryptography BouncyCastle.Cryptography < 2.3.1
Fixed pkg:maven/BouncyCastle.Cryptography BouncyCastle.Cryptography = 2.3.1
Affected pkg:maven/BouncyCastle BouncyCastle < 2.3.1
# CVE Description CVSS EPSS EPSS Trend (30 days) Affected Products Weaknesses Security Advisories Exploits PoC Pubblication Date Modification Date
# CVE Description CVSS EPSS EPSS Trend (30 days) Affected Products Weaknesses Security Advisories PoC Pubblication Date Modification Date
Loading...